Page 229 - Open Soource Technologies 304.indd
P. 229

Unit 9: Web Techniques



            Complementing the open handler is the close handler, which is called after each page’s script   Notes
            is done executing. It performs any cleanup necessary when closing a session  (usually very
            minimal). Our database close handler simply closes the database connection:

            function close( ) { mysql_close( ); return true; }
            When a session is completed, the destroy handler is called. It is responsible for cleaning up
            anything created during the open handler’s call. In the case of the database storage system, we
            must remove that session’s entry in the table:

            function destroy($session_id) { global $table; mysql_query( “DELETE FROM $table WHERE
            session_id = ‘$session_id’”; return true; }

            The final handler, the garbage-collection handler, is called at intervals to clean up expired session
            data. The function should check for data that has not been used in longer than the lifetime given
            by the call to the handler. Our database garbage-collection handler removes entries from the
            table whose last-modified timestamp exceeds the maximum time:

            function gc($max_time)
            {

            global $table; mysql_query( “DELETE FROM $table WHERE UNIX_TIMESTAMP(expiration)
            < UNIX_TIMESTAMP( )-$max_time”) or error_log(“gc: “.mysql_error( ).”\n”,3,”/tmp/errors.
            log”); return true; }
            After creating all the handler functions, install them by calling session_set_save_handler( ) with
            the appropriate function names. With the preceding examples, call:
            session_set_save_handler(‘open’, ‘close’, ‘read’, ‘write’, ‘destroy’, ‘gc’);

            You must call session_set_save_handler( ) before starting a session with session_start( ). This
            is normally accomplished by putting the store functions and call to session_set_save_handler(
            ) in a file that’s included in every page that needs the custom session handler. For example:
            <?php require_once ‘database_store.inc’; session_start( ); ?>

            Because the handlers are called after output for the script is sent, no function that generates
            output can be called. If errors occur, log them into a file using error_log( ).

                          If the user’s browser does not support cookies or has cookies turned off, the
                          session ID is propagated in URLs within the web site.


                          We must set the session cookie_lifetime option in php.ini to the lifetime of
                          the cookie, in seconds; otherwise PHP session ID cookies expire when the
                          browser closes.

            9.6.3 Combining Cookies and Sessions
            Using a combination of cookies and your own session handler, you can preserve state across
            visits. Any state that should be forgotten when a user leaves the site, such as which page the
            user is on, can be left up to PHP’s built-in sessions. Any state that should persist between user
            visits, such as a unique user ID, can be stored in a cookie. With the user’s ID, you can retrieve
            the user’s more permanent state, such as display preferences, mailing address, and so on, from
            a permanent store, such as a database.





                                             LOVELY PROFESSIONAL UNIVERSITY                                   223
   224   225   226   227   228   229   230   231   232   233   234